[Previous] [Next] [TOC] [Index]

Appendix A
Distinguished Names

istinguished Names (DNs) are the string representation for entry names in the directory. You use DNs to name entries when you add entries to the directory, add members to groups, etc.

A DN can consist of virtually any attributes you wish to use. The only caveat is that if schema checking is turned on, then the attributes must be recognized by the Directory Server (if you do not know whether schema checking is turned on in the server, contact your directory manager, or consult the Netscape Directory Server Administrator's Manual for more information).

Traditionally, a DN consists of these items in the following order:

a common name
a list of regional or organizational attributes
a country designation

This string of identifying attributes uniquely locates the entry within your directory. If you choose, you can also use this naming structure to uniquely identify your entries within the global directory tree as defined in the X.500 standard.

Because a DN represents a path through the directory tree, the DN components are order-dependent. For example, the following DNs do not represent the same entry:

   cn=Ralph Swenson, ou=Accounting, o=Ace Industry, c=US 
   cn=Ralph Swenson, o=Ace Industry, ou=Accounting, c=US

Distinguished Name Syntax

The traditional syntax for a DN string representation is as follows:

cn=common name, [street=address, l=locality, st = state or province, ou=organizational unit, o=organization], c=country name

Generally a DN begins with a specific common name, and (reading from left to right) proceeds with increasingly broader areas of identification until the country name is specified. Note, however, that the actual DN attributes you use, and the order in which you choose to specify them, is up to you and how you want to organize your directory. The only real requirement is that DN attributes must be separated by a comma (,) and can optionally use a space ( ) following the separator.

Distinguished Name Attributes

The various standard attributes that comprise a DN are as follows:

**DN standard attribute definition**
Attribute	Name	Definition
c	country	Identifies the name of the country under which the entry resides. For example, c=US c=GB
cn	common name	Required attribute that identifies the person or object defined by the entry. For example: cn=Wally Henderson cn=Directory Administrators cn=printer3b
l	locality	Identifies the locality in which the entry resides. The locality could be a city, county, township, or other geographic region. For example: l=Tucson l=Pacific Northwest l=Anoka County
o	organization	Identifies the organization in which the entry resides. For example: o=Netscape Communications Corp o=Public Power & Gas
ou	organizational unit	Identifies a unit within the organization. For example: ou=Sales ou=Manufacturing
st	state or province name	Identifies the state or province in which the entry resides. For example: st=Iowa st=British Columbia
street	street address	Identifies the street address at which the entry resides. For example: street=494 Rice Creek Terrace

Distinguished Name Examples

The following are some examples of distinguished names:

   cn=Wally Henderson, ou=Product Development, o=Bait and Tackle Inc, st=Minnesota, c=US

   cn=Retch Sweeny, ou=Product Test, o=Bait and Tackle Inc, st=Michigan, c=US

   cn=printer3b, l=room 308, o=Acme Programming Ltd, c=US

[Previous] [Next] [TOC] [Index]

Last modified: March 31, 1997
Copyright © 1997 Netscape Communications Corporation